[lxc-users] More secure container
jfolkins at gmail.com
Tue May 9 15:47:49 UTC 2017
This email is timely as I was researching this (again) last night. It
resulted in me taking a look through the lxd demo server code and configs
which I think do a very reasonable job at allowing untrusted users access
My final thought was that if the community felt there was a bit more to
add, we/I could fork the project and call it lxd-demo-server-paranoid with
some extra security configuration primitives sprinkled on top.
I haven't defined what the "extras" would be, but if the idea sounds
reasonable, I'd love some ideas.
On Tue, May 9, 2017 at 8:22 AM, T.C 吳天健 <tcwu2005 at gmail.com> wrote:
> Hi ,
> Its said privileged container is unsecured . For example, if a user in the
> container (suppose it's running a service toward the public) hack the
> system with some kind of root kit.
> I am thinking of building a more secure container. The first idea is to
> use unprivileged container; Second is apply cgroup to limit viewing of
> some sensitive /dev files, and any recommendation?
> -use unprivileged container
> -cgroup to limit viewing of some /dev files
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the lxc-users